1.

Solve : unregistered files?

Answer»

Hi there
Yes I used the removal tool and I've just finished doing the other housekeeping you suggested in an earlier message (28 July). Take your point about programs re-installing though I did wonder if I buy McAfee online and it recognises that the program's been removed (which it did) and I still have 240 days of my subscription left it wilol try to re-install - I guess I should ask McAfee that question huh?

Anyway, after a clean cold start yesterday and today, once I got into cleaning and so on the first reboot (after running TFC) I did brought up the same old messages. I've still to do the OTL so we'll see what that pushes out.

Thanks

Alexokay, done the OTL scan and the reports as follows - OTL.Txt first:

OTL logfile created on: 07/08/2011 14:53:35 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (RTPP2K) -- C:\WINDOWS\system32\drivers\rtpp2k.sys (Shuttle Technology.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginen ame: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enable d: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9452a5b-916c-404f-8479-850185ae13bc}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 09:55:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/04 14:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:35:12 | 000,000,000 | ---D | M]

[2009/10/31 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/03/06 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[emailprotected]
[2011/08/05 10:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions
[2011/08/05 10:49:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/22 17:28:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\askcom.xml
[2010/10/01 22:31:36 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\bing.xml
[2010/10/01 22:12:25 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\googlecom-in-english.xml
[2011/07/21 22:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 15:54:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/02 14:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:03:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 11:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/27 10:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/21 22:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JVO1QB88.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/21 22:50:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/27 10:51:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/22 15:57:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/07/21 22:50:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/08/24 11:08:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/26 12:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110803101551.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Download ENERGY Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/16 10:31:49 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: CONNECTION Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312 (MUWebControl Class)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/02/25 18:24:46 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 14:49:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/08/07 11:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/07 11:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/05 10:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/05 10:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/05 10:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/05 10:22:26 | 081,496,432 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2011/08/05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/05 10:17:20 | 037,806,960 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2011/08/05 10:12:57 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/08/05 10:11:42 | 003,124,384 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011/08/05 09:13:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2011/08/04 20:01:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/04 09:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/08/03 10:17:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2011/08/03 10:17:38 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2011/08/03 10:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2011/08/03 10:15:50 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/08/03 10:15:46 | 000,089,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/08/03 10:00:22 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/08/03 10:00:22 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/08/03 10:00:21 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/08/03 10:00:21 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/08/03 10:00:21 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/08/03 10:00:21 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/08/03 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/08/03 10:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/08/03 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/08/03 09:58:24 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/08/02 11:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/07/26 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 23:50:11 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
[2011/07/26 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SysProt
[2011/07/26 14:23:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/26 12:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/25 14:47:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\PrivacIE
[2011/07/25 13:53:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
[2011/07/25 13:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/25 13:44:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/25 13:38:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/07/25 09:51:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/25 09:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/22 00:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dial-a-fix-v0.60.0.24
[2011/07/21 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis
[2011/07/21 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 22:50:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 22:50:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 15:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2011/07/12 15:52:05 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2011/07/12 15:51:58 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBGXE.DLL
[2011/07/12 15:51:58 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BGXE.DLL
[2011/07/12 15:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/07/12 15:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Epson
[2011/07/12 15:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
[2011/07/12 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2011/07/12 15:38:15 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
[2011/07/12 15:38:15 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
[2011/07/12 15:38:15 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
[2011/07/12 15:38:14 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
[2011/07/12 15:38:14 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
[2011/07/12 15:38:14 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
[2011/07/12 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
[2011/07/12 15:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/07/12 15:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2011/07/12 15:34:11 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
[2011/07/12 15:34:11 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
[2011/07/12 15:34:11 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escdev.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/08/11 10:14:24 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
[2010/02/20 23:05:43 | 000,559,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[2009/11/24 14:22:22 | 018,665,720 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/07/07 13:05:47 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrtd.dll
[2009/03/12 16:43:33 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
[2009/02/22 22:35:19 | 003,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
[2009/02/21 14:50:17 | 018,638,688 | ---- | C] (PC Tools ) -- C:\Program Files\sdsetup.exe
[2009/01/03 21:33:47 | 006,832,928 | ---- | C] (ESTsoft Corp. ) -- C:\Program Files\alzip.exe
[2009/01/03 18:33:23 | 008,973,608 | ---- | C] (M.Dev Software ) -- C:\Program Files\zg603sui.exe
[2008/12/09 16:01:50 | 004,399,029 | ---- | C] (Joseph Leung ) -- C:\Program Files\quickzip.exe
[2008/07/09 12:27:25 | 000,820,380 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 14:49:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/08/07 14:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 12:19:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
[2011/08/07 12:19:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
[2011/08/07 11:47:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/07 11:29:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/08/07 11:12:43 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/07 11:12:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 11:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 11:12:31 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 11:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/06 10:23:48 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/05 10:47:11 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/05 10:33:09 | 000,092,776 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 10:29:01 | 081,496,432 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/05 10:21:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/05 10:20:11 | 037,806,960 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2011/08/05 10:12:58 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/08/05 10:12:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/05 10:11:43 | 003,124,384 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011/08/05 09:13:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2011/07/27 03:03:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/26 23:50:12 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
[2011/07/26 12:53:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/25 14:47:12 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
[2011/07/25 09:51:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/22 17:21:08 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PagePlus 11 (2).lnk
[2011/07/22 01:00:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/22 01:00:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/22 00:53:42 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
[2011/07/21 23:01:00 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
[2011/07/21 22:59:30 | 000,000,544 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2011/07/21 22:50:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 22:50:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 22:50:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 22:50:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 22:50:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/21 15:44:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/14 10:02:10 | 000,405,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 19:30:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2011/07/12 15:46:56 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/07/12 15:44:14 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss
[2011/07/12 15:40:04 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2011/07/12 15:36:09 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
[2011/07/12 15:35:50 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
[2011/07/12 15:34:13 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 10:47:11 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/05 10:33:09 | 000,092,776 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 10:28:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/08/05 10:28:24 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/05 10:21:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/03 10:18:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/07/30 10:17:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:17:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 14:47:12 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
[2011/07/25 13:47:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/22 00:53:42 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
[2011/07/21 23:00:59 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
[2011/07/13 19:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/07/12 15:46:56 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/07/12 15:44:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss
[2011/07/12 15:40:04 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2011/07/12 15:36:09 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
[2011/07/12 15:35:50 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
[2011/07/12 15:34:13 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/06/30 12:45:50 | 000,223,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/25 10:01:22 | 000,333,018 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/04/25 16:17:14 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/10/19 16:51:50 | 014,709,760 | ---- | C] () -- C:\Program Files\ClassActionKillers.msi
[2010/10/01 17:16:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uzagefu.dat
[2010/10/01 17:16:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdebecusuramu.bin
[2010/08/11 10:14:24 | 000,072,268 | ---- | C] () -- C:\Program Files\procexp.chm
[2010/05/14 22:56:06 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 22:55:58 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009/10/01 11:07:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
[2009/09/30 12:27:14 | 005,486,113 | ---- | C] () -- C:\Program Files\DarkWave-Studio-2.4.exe
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/25 15:22:36 | 015,436,399 | ---- | C] () -- C:\Program Files\F1_v1.3.zip
[2009/08/25 15:16:29 | 091,959,937 | ---- | C] () -- C:\Program Files\Avert Fate.zip
[2009/07/10 01:19:49 | 347,928,562 | ---- | C] () -- C:\Program Files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
[2009/07/07 13:05:47 | 000,172,032 | ---- | C] () -- C:\Program Files\libpng13.dll
[2009/07/07 13:05:46 | 000,045,056 | ---- | C] () -- C:\Program Files\Launcher.exe
[2009/05/13 12:13:24 | 001,271,001 | ---- | C] () -- C:\Program Files\Lame-Front-End.zip
[2009/04/12 20:22:29 | 006,237,728 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/03/20 13:20:38 | 000,000,573 | ---- | C] () -- C:\Program Files\xp_system32opens.vbs
[2009/02/10 20:20:54 | 000,748,688 | ---- | C] () -- C:\Program Files\cpukil305.zip
[2009/01/30 19:13:44 | 001,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
[2009/01/23 20:51:09 | 000,189,810 | ---- | C] () -- C:\Program Files\libmp3lame-win-3.98.2.zip
[2009/01/03 18:40:29 | 000,939,698 | ---- | C] () -- C:\Program Files\7z464.exe
[2008/12/14 20:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/12/12 18:31:59 | 000,000,471 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ
[2008/12/09 20:25:45 | 000,007,804 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/09 19:52:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/12/09 16:03:51 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\QuickZip45.ini
[2008/12/03 18:45:24 | 020,768,389 | ---- | C] () -- C:\Program Files\DN3DInst.zip
[2008/07/06 16:17:05 | 000,000,591 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/07/02 12:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/17 01:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/17 01:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/17 01:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/17 01:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/17 01:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/17 01:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 01:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/17 01:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/17 01:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/14 17:17:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2008/04/01 17:34:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/03/21 21:01:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/21 19:31:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/03/21 18:56:14 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2008/03/21 17:54:34 | 000,116,736 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
[2008/01/30 22:39:58 | 000,005,495 | ---- | C] () -- C:\Program Files\0x0409.ini
[2007/12/31 15:45:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/11 16:12:54 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/06/05 20:14:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 19:53:15 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/05 19:49:40 | 000,013,561 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/05 19:49:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/05 19:45:45 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/05 19:42:54 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/05 19:38:07 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/06/05 19:38:07 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/06/05 19:36:57 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/06/05 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/06/05 19:27:20 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/05 19:26:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/05 19:23:26 | 000,121,994 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/05 19:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/05 19:05:18 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/05 19:05:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/05 19:04:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 01:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/06 00:36:34 | 000,506,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/06 00:36:34 | 000,088,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/06 00:34:46 | 000,405,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/06 00:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/06 00:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 20:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/14 03:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/08/11 07:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ50.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/04 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/12 15:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/10/24 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2011/05/16 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/04/01 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/03/21 02:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/25 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2008/11/12 20:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/07/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2008/02/02 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/05/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/12 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/05/15 01:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2011/08/05 10:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/13 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/12 15:22:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/06/19 00:02:16 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2011/03/21 02:21:27 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3DFE6FE
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
And the Extras.Txt as follows:

OTL Extras logfile created on: 07/08/2011 14:53:35 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{492E1D84-D7BF-4FA2-A26A-30AFC89EF547}" = Tiger Woods PGA TOUR 2003
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5EAF2-E5D8-4A2B-864B-D72B37A9DD51}" = PCmover
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask MAKER
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"CleanMem1.3.0" = CleanMem
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"Cube" = Cube
"Download_Energy Toolbar" = Download_Energy Toolbar
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON PX820FWD Series" = EPSON PX820FWD Series Printer Uninstall
"EPSON PX820FWD Series Manual" = EPSON PX820FWD Series Manual
"EPSON PX820FWD Series Network Guide" = EPSON PX820FWD Series Network Guide
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 1900] [2008-03-15]
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photo Printing Software" = HP Photo Printing Software
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Jardinains 2!_is1" = Jardinains 2!
"LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Revo Uninstaller" = Revo Uninstaller 1.92
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Ziepod_is1" = Ziepod version 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041f.

Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/08/2011 20:18:07 | Computer Name = YOUR-C94F920E24 | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x6567696c.

Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/06/2011 07:02:43 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 30/06/2011 07:04:57 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 12/07/2011 05:18:02 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 17/07/2011 03:31:08 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 03/08/2011 11:38:06 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service VSS with arguments
"" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


< End of report >
AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
This doesn't look very dramatic:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************
Please do this in the following order. Please download, install and activate MicroSoft Security Essentials from the link below. Then remove McAfee using the tool below and see if you're still getting the error message.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Download the McAfee Consumer Product Removal Tool to your Desktop.

Using McAfee Consumer Product Removal tool:

* Double click the MCPR.exe
* A Command Line window will be displayed, and then close automatically.
* Wait for a second Command Line window to be displayed.

Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

* After the second window appears, the program will begin the cleanup.
* Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
* Press Y on the keyboard.
* Wait for the computer to restart.
* All McAfee products are now removed from your computer.
Done and the reboot produced no repeat of the FP message.
Too much to do today to stop and start but expect a cold start to have the same result. As I think you have too, I've come to the conclusion the problem has resided somewhere in McAfee. We shall see!

Thanks again.

AlexSince last job I've been getting explorer.exe using up between 40-50% of CPU all the time - I'm sure this isn't normal. Any thoughts and suggestions to fix?Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.I already run process explorer - it's more user friendly and detailed than Task Manager. However, as with many diagnostic type tools, I never get round to fully utilising the features available. So I'm glad to have this passed on - thanks.

Here's the data:

ProcessPIDCPUPrivate BytesWorking SetDescriptionCompany NameCommand Line
System Idle Process047.690 K28 K
Interruptsn/a0 K0 KHardware Interrupts
DPCsn/a0 K0 KDeferred Procedure Calls
System40 K140 K
smss.exe444204 K116 KWindows NT Session ManagerMicrosoft Corporation\SystemRoot\System32\smss.exe
csrss.exe5081,860 K2,756 KClient Server Runtime ProcessMicrosoft CorporationC:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe5326,656 K2,604 KWindows NT Logon APPLICATIONMICROSOFT Corporationwinlogon.exe
services.exe5760.771,932 K2,244 KServices and Controller appMicrosoft CorporationC:\WINDOWS\system32\services.exe
a2service.exe74815,736 K440 KEmsisoft Anti-Malware ServiceEmsi Software GmbH"C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
svchost.exe8363,228 K1,828 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k DcomLaunch
hpgs2wnf.exe1912964 K440 Khpgs2wnf ModuleC:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
svchost.exe9322,000 K2,284 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k rpcss
MsMpEng.exe972170,924 K48,428 KAntimalware Service ExecutableMicrosoft Corporation"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
svchost.exe100819,816 K25,812 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe10802,100 K2,168 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe11643,400 K1,212 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe12764,508 K1,960 KSpooler SubSystem AppMicrosoft CorporationC:\WINDOWS\system32\spoolsv.exe
UMVPFSrv.exe13081,616 K140 KLogitech User mode UMVPF serviceLogitech Inc."C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
svchost.exe5121,400 K784 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k LocalService
SASCORE.EXE868732 K212 KCore ServiceSUPERAntiSpyware.com"C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
mDNSResponder.exe1436984 K1,064 KBonjour ServiceApple Inc."C:\Program Files\Bonjour\mDNSResponder.exe"
CLCapSvc.exe14485,944 K848 KCLCapSvc Module"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"
CLMLServer.exe15088,664 K1,080 KNT CLMLServerCyberlink"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
SAgent2.exe15801,764 K484 KEPSON Printer Status AgentSEIKO EPSON CORPORATION"C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
jqs.exe17688,816 K1,380 KJava(TM) Quick Starter ServiceSun Microsystems, Inc."C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LSSrvc.exe1596632 K140 KHewlett-Packard Company"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McciCMService.exe22642,036 K1,432 Kmcci+McciCMServiceAlcatel-Lucent"C:\Program Files\Common Files\Motive\McciCMService.exe"
MDM.EXE2284964 K476 KMachine Debug ManagerMicrosoft Corporation"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
nvsvc32.exe23362,680 K2,472 KNVIDIA Driver Helper Service, Version 175.19NVIDIA CorporationC:\WINDOWS\system32\nvsvc32.exe
HPZIPM12.EXE2352556 K276 KPML DriverHPC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe24162,756 K2,644 KGeneric Host Process for Win32 ServicesMicrosoft CorporationC:\WINDOWS\system32\svchost.exe -k imgsvc
CLSched.exe25041,460 K880 KCLSched Module"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"
dialdictate.exe254027,956 K404 KDial DictateNCH Software"C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -service
iPodService.exe30802,472 K1,504 KiPodService Module (32-bit)Apple Inc."C:\Program Files\iPod\bin\iPodService.exe"
alg.exe33521,188 K240 KApplication Layer Gateway ServiceMicrosoft CorporationC:\WINDOWS\System32\alg.exe
lsass.exe5884,080 K1,416 KLSA Shell (Export Version)Microsoft CorporationC:\WINDOWS\system32\lsass.exe
explorer.exe162850.0053,632 K32,584 KWindows ExplorerMicrosoft CorporationC:\WINDOWS\Explorer.EXE
hpgs2wnd.exe1800936 K444 Khpgs2wndHewlett-Packard"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
BTHelpNotifier.exe18121.542,240 K2,584 Kmcci+McciTrayAppAlcatel-Lucent"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
BTHelpBrowser.exe676010,112 K18,904 Kmcci+McciBrowserAlcatel-Lucent"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" /APPKEY=btbb /URL=file:///C:/Program Files/BT Broadband Desktop Help/btbb/OCB/d153fd8a-965a-4485-845b-effd12a9f06f/Tasks.html
BTHelpBrowser.exe68528,840 K16,004 Kmcci+McciBrowserAlcatel-Lucent"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" -AppKey=btbb -url=https://pbttbc.bt.motive.com/portal/smptasks.jsp?taskid=1
FUFAXSTM.exe18367,792 K1,188 KFAX Status MonitorSEIKO EPSON CORPORATION"C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
EEventManager.exe18443,416 K1,004 KEEventManager ApplicationSEIKO EPSON CORPORATION"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
jusched.exe1864856 K200 KJava(TM) 2 Platform Standard Edition binarySun Microsystems, Inc."C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
realsched.exe19001,540 K232 KRealNetworks SchedulerRealNetworks, Inc."C:\program files\real\realplayer\update\realsched.exe" -osboot
dialdictate.exe200429,028 K1,520 KDial DictateNCH Software"C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -logon
msseces.exe1524,880 K2,976 KMicrosoft Security Client User InterfaceMicrosoft Corporation"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SUPERANTISPYWARE.EXE38431,668 K796 KSUPERAntiSpyware ApplicationSUPERAntiSpyware.com"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
ctfmon.exe4001,188 K2,172 KCTF LoaderMicrosoft Corporation"C:\WINDOWS\system32\ctfmon.exe"
procexp.exe148411,660 K13,144 KSysinternals Process ExplorerSysinternals - www.sysinternals.com"C:\Program Files\procexp.exe"
firefox.exe664889,488 K102,004 KFirefoxMozilla Corporation"C:\Program Files\Mozilla Firefox\firefox.exe"
kbd.exe40163,704 K1,784 KKBD EXEHewlett-Packard CompanyC:\HP\KBD\KBD.EXE
hpsysdrv.exe992880 K760 KhpsysdrvHewlett-Packard Companyc:\windows\system\hpsysdrv.exe
No messages today on cold start and CPU usage has regularised to average 93% free so, subject to repetitions, looking like a fix. I presume you'd recommend I don't re-install McAfee then? Also, should I get a separate firewall or will MSE manage that too?

AlexQuote
I presume you'd recommend I don't re-install McAfee then? Also, should I get a separate firewall or will MSE manage that too?
I'm not a big fan of McAfee. The Windows Firewall in XP is not much good because it only blocks incoming. Outgoing is the most harmful. I really depends on how much security you want on your pc. If you're doing financial dealings then I would recomment a third-party firewall.See suggestions below.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Good luck!Thanks for your help Dave - HOPE it's been as intriguing for you as it has been frustrating for me. I'll get on with finding a firewall and doing the cleanup.

Regards

AlexYou're welcome. I will lock this thread. If you need it re-opened, please send me a pm.


Discussion

No Comment Found

Related InterviewSolutions